Taxonomy AHG Meeting 2/20/2014
Jump to navigation
Jump to search
Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |
Attendees: Ryan Galluzzo, Jim Fenton, Mike Garcia, Suzanne Lightman, Eric Krum, Christopher Spottiswoode, Robert Faron, Jonathan Rosenberg, Kennie Kwong, Kaliya Hamlin, Sal D’Agostino, Anne Racuya-Robbins Objectives:
- Continue discussion of anonymity and pseudonymity
Glossary Update
- The Management council has approved the terms and they will be sent to Bob Blakely, plenary chair, as it’s his responsibility to determine the next steps with the plenary for plenary adoption.
Pseudonymous Interaction
- 800-63 suggests that without something to trust (such as a legal name) then the assumption is that any digital identity is a pseudonym.
- Kaliya suggested that this conversation needs to start with a definition of pseudonym. There is a difference between a “name space” and the “identifier” used by a system.
- Jim suggested we need to determine some sense of what we mean by pseudonymity before we can define a pseudonymous interaction. There is a very wide range of outlooks around the term pseudonym.
- Suzanne suggested the key to pseudonymity or pseudonymous transactions could be the ability to verify attributes and persistence (where the user chooses) across multiple transactions.
- The group initially chose to focus on the concept of an interaction since it does not necessarily take into account a “state of being.” Instead, it focuses on an individual event in time. It is less complicated than trying to define pseudonym.
- The group will continue to prioritize the “interaction” going forward.
- The current definition is premised upon preventing identification of an entity through the release of attributes for a single interaction and the collection of attributes over time. It creates expectations for participants as well.
- After further conversation, the group arrived at the following definition:
- An interaction for which the data released and collected is not intended to be sufficient to infer the entity involved, but for which multiple interactions to the same relying party may be associated with each other.
- There was consensus on the current definition.
Anonymous Interactions
- Based on the “pseudonymous interaction” discussion the following updated definition was suggested:
- An interaction for which the data released and collected is not intended to be sufficient to infer the entity involved, and for which information to correlate multiple interactions to the same relying party is not provided.
- There was suggestion that “intended” should not be included in the definition for an anonymous interaction. However, others argued it may not be possible to achieve “not sufficient to infer”—which could result in unclear expectations for users if “intended” were removed from the definition.
- There was suggestion that “intended” should be replaced with “designed.”
- There was no decision made to use one term over the other. This will be discussed further at the next meeting.
Actions
- Mike Garcia will email potential modifications to the term “anonymous interaction”
Quick Links: Taxonomy | Taxonomy Project Management | Taxonomy AHG Catalog | Taxonomy AHG Glossary |